In a recent article it was reported that more that 300,000 websites had been booby trapped. http://www.theregister.co.uk/2009/12/10/mass_web_attack/. The bad guys were able to compromise these websites and insert programs so that if you visit the web site it will try to infect your computer. You have no way of knowing if a web site has been compromised, it’s always a risk, but there are things you can do to minimize your risk.

Working for an antivirus company you probably expect me to say that the number one thing you should do is use antivirus software, but that’s number five. Number one, two, and three are patch, patch, patch!!! The compromised websites would try to exploit vulnerabilities in Microsoft products and Adobe Flash in order to infect your computer. You might seriously want to consider going out to the adobe website right now and making sure that you have the most current version of the Flash Player if it is installed on your computer. Regardless of whether you are running Windows, Linux, or a Mac, you should keep your operating system fully patched. For Windows users I recommend you go to www.secunia.com and run their vulnerability scanner to see what all you have that needs to be patched.

With items one, two, and three out of the way, lets move on to number four. Education. You need to be educated about the threats that are out there. Many of the threats do not exploit vulnerabilities, but simply trick you into installing malicious software. If a site says you need to update your flash player, then go to the Adobe web site and only ever update from there. If you have the current Flash player and the site still says you need to update then it is almost certainly trying to trick you into installing malicious software. If you understand this, then you won’t try to install the malicious software and you are protected. Another favorite of the criminals is to tell you that you need a codec to view a video. This is also a ploy to trick you into installing malicious software. Don’t do it!!! If you come to a webpage that says it is scanning your computer, and you did not tell it to then close your browser immediately and don’t go back to that web page. If it won’t let you close the browser then use ctrl+alt+del to open up the task manager and end the browser session. If you go to a site that offers to scan your computer then you need to make sure you are at a reputable site.

Yes, you should probably be using antivirus software as well. People make mistakes sometimes and multiple levels of defense make sense. In some cases there may be an unpatched vulnerability, but the malicious software being downloaded is detected *IF* you have antivirus software installed and kept up to date.

You can’t prevent someone else’s website from being infected, but you can take some simple steps to make sure it is their problem and not yours.

Patch, educate yourself, and use security software.

Randy Abrams
Director of Technical Education